Description
Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is insufficient validation of untrusted input in the Chromecast component of Google Chrome. A remote attacker who has already compromised the renderer process can use a crafted HTML page to potentially escape the sandbox and gain higher privileges. The vulnerability is classified as high severity.

Affected Systems

All releases of Google Chrome prior to 150.0.7871.47 are affected, on any platform. The issue is fixed in 150.0.7871.47 and later. The affected vendor is Google, and the affected product is the Chrome browser.

Risk and Exploitability

The CVSS score is high, but the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector requires the attacker to have already compromised a renderer process and then to deliver a malicious page. Consequently, the exploitation difficulty is moderate to high, but the potential impact is significant if exploitation succeeds.

Generated by OpenCVE AI on July 1, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Chrome update (150.0.7871.47 or newer) from the stable channel.
  • Restart all Chrome processes to ensure the patch takes effect.
  • If an immediate update is not possible, disable or restrict Chromecast functionality until the update is applied.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:15:00 +0000

Type | Values Removed | Values Added
Title | | Chromecast Untrusted Input Vulnerability Allows Sandbox Escape via Crafted HTML

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:36.532Z

Reserved: 2026-06-29T23:03:20.136Z

Link: CVE-2026-13797

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:00:14Z

Weaknesses
  • CWE-20: Improper Input Validation